How to: Allow Database Mirroring to Use Certificates for Outbound Connections (Transact-SQL)

This topic describes the steps for configuring server instances to use certificates to authenticate outbound connections for database mirroring. Outbound connection configuration must be done before you can set up inbound connections.

Note

All mirroring connections on a server instance use a single database mirroring endpoint, and you must specify the authentication method of the server instance when you create the endpoint.

The process of configuring outbound connections, involves the following general steps:

In the master database, create a database Master Key.

In the master database, create an encrypted certificate on the server instance.

Create an endpoint for the server instance using its certificate.

Back up the certificate to a file and securely copy it to the other system or systems.

You must complete these steps for each partner and the witness, if there is one.

The following procedure describes these steps in detail. For each step, the procedure provides an example for configuring a server instance on a system named HOST_A. The accompanying Example section demonstrates the same steps for another server instance on a system named HOST_B.

Ensure that the database mirroring endpoint exist on each of the server instances.

If a database mirroring endpoint already exists for the server instance, you should reuse that endpoint for any other sessions you establish on the server instance. To determine whether a database mirroring endpoint exists on a server instance and to view its configuration, use the following statement:

If no endpoint exists, create an endpoint that uses this certificate for outbound connections and that uses the certificate's credentials for verification on the other system. This is a server-wide endpoint that is used by all mirroring sessions in which the server instance participates.

For example, to create a mirroring endpoint for the example server instance on HOST_A.